SB2016071915 - Spoofing attack in Apple Safari



SB2016071915 - Spoofing attack in Apple Safari

Published: July 19, 2016 Updated: November 22, 2018

Security Bulletin ID SB2016071915
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Spoofing attack (CVE-ID: CVE-2016-4590)

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a spoofing attacks.

The vulnerability exists due to a flaw in the parsing of 'about:' URL. A remote unauthenticated attacker can create a specially crafted web site to exploit this vulnerability and spoof user interface elements.

Successful exploitation of this vulnerability may result in disclosure of user information.


Remediation

Install update from vendor's website.